Certificates for Secure Communication

Obtain the following certificates that are required to secure the communication between your appliance and the identity provider:

  • If you want your appliance to sign SAML authentication requests, or if you want your identity provider to encrypt SAML assertions, obtain a self-signed certificate or a certificate from a trusted CA together with its private key. The private key stays on the appliance; only the certificate (the public half) is shared with the identity provider, which uses it to verify your request signatures and to encrypt assertions addressed to you.

  • If you want the identity provider to sign SAML assertions, obtain the identity provider's signing certificate and import it into your appliance. The appliance uses this certificate to verify the signature on each SAML assertion, so keep it current: once the identity provider rotates its signing certificate, assertions signed with the new key fail verification until you import the new certificate.

Converting Certificates

Normally, the certificates obtained from the appliance are in .pfx (PKCS#12) format, a single password-protected bundle that holds the certificate and its private key. They must be converted to .pem format, with the certificate and the private key in separate files, when you configure your appliance as a service provider.

To convert the certificates from .pfx format to .pem format, do the following:

  • Download and install OpenSSL, and copy the certificate file (.pfx) obtained from your appliance to the machine where you run it. Each openssl pkcs12 command below prompts for the import password of the .pfx file.

  • Run the following command to export the certificate in .pem format: openssl pkcs12 -in <certname>.pfx -nokeys -out cert.pem

  • Run the following command to export the private key in .pem format: openssl pkcs12 -in <certname>.pfx -nocerts -nodes -out key.pem (the -nodes option writes the key unencrypted, so run the command in a directory that only you can read).

  • Run the following command to rewrite the private key as a plain PEM key: openssl rsa -in key.pem -out server.key (because of -nodes, key.pem already has no passphrase; this step only strips the PKCS#12 bag attributes and writes a clean key file. Use openssl ec, or the key-type-independent openssl pkey, if the key is not RSA.) Delete key.pem afterwards and upload cert.pem and server.key to the appliance.

  • If OpenSSL 3.x refuses to read an older .pfx with an "unsupported" algorithm error (typically RC2-encrypted bundles exported by older Windows versions), add the -legacy option to the openssl pkcs12 commands.
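The procedure above carried through end to end, as an added example that is not part of the original page or of any vendor tooling. It wraps the conversion in a function, then checks what the page's steps do not: that the extracted certificate and private key actually belong to the same key pair, and that the key file is created unreadable to other users. The .pfx bundle it converts is a constructed, throwaway self-signed certificate generated by the script itself; the file names (sp.pfx, cert.pem, key.pem, server.key), the password "changeit" and the hypothetical script name convert_pfx.sh are assumptions. It uses openssl pkey in place of the page's openssl rsa so the same code also handles EC keys, and passes the password on the command line instead of at the prompt.

```shell
#!/bin/sh
# Added example (not from the original page): convert a PKCS#12 (.pfx) bundle into
# the cert.pem / server.key pair the page describes, then prove the two files match.
# Assumptions: OpenSSL 1.1 or 3.x on PATH; the .pfx password is passed as an argument.
# File names (sp.pfx, cert.pem, key.pem, server.key) and the password are hypothetical.
set -eu

# Convert $1 (a .pfx protected by password $3) into $2/cert.pem and $2/server.key.
pfx_to_pem() {
    pfx=$1; outdir=$2; pass=$3
    (
        # Private-key files must be readable only by their owner; the subshell keeps
        # the umask change from leaking into the caller's shell.
        umask 077 &&
        # Certificate only (-nokeys); -clcerts drops any CA certificates bundled with it.
        openssl pkcs12 -in "$pfx" -nokeys -clcerts -out "$outdir/cert.pem" -passin "pass:$pass" &&
        # Private key only; -nodes writes it unencrypted, which is why the umask matters.
        openssl pkcs12 -in "$pfx" -nocerts -nodes -out "$outdir/key.pem" -passin "pass:$pass" &&
        # key.pem already has no passphrase: this step strips the PKCS#12 bag attributes
        # and writes a plain PEM key. `openssl pkey` accepts RSA and EC keys alike,
        # where the page's `openssl rsa` would reject an EC key.
        openssl pkey -in "$outdir/key.pem" -out "$outdir/server.key" &&
        rm -f "$outdir/key.pem"   # do not leave a second copy of the private key behind
    )
}

# Succeed only if cert.pem and server.key in directory $1 carry the same public key.
keypair_matches() {
    dir=$1
    from_cert=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey)
    from_key=$(openssl pkey -in "$dir/server.key" -pubout)
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Constructed fixture: a throwaway self-signed SP certificate bundled as $1/sp.pfx,
# standing in for the .pfx obtained from the appliance.
make_test_pfx() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=sp.example.test" \
        -keyout "$dir/orig.key" -out "$dir/orig.crt" 2>/dev/null
    openssl pkcs12 -export -in "$dir/orig.crt" -inkey "$dir/orig.key" \
        -out "$dir/sp.pfx" -passout "pass:$pass"
}

# Stand-alone run on the constructed fixture: sh convert_pfx.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    make_test_pfx "$work" "changeit"
    pfx_to_pem "$work/sp.pfx" "$work" "changeit"
    keypair_matches "$work" && echo "cert.pem and server.key belong to the same key pair"
    openssl x509 -in "$work/cert.pem" -noout -subject -enddate
    ls -l "$work/server.key"   # expect -rw------- : only the owner can read the key
fi
```

The public-key comparison is the check worth keeping in any real procedure: a .pfx exported from the wrong certificate store entry converts without error, and the mismatch only surfaces later when the identity provider rejects the SP's signature. With a wrong import password the function returns non-zero and leaves no server.key behind, so a failed conversion cannot be mistaken for a successful one.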